Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6890
HistorySep 19, 2024 - 5:05 p.m.

(RHSA-2024:6890) Important: Red Hat build of Keycloak 24.0.8 Update

2024-09-1917:05:17
access.redhat.com
2
red hat
keycloak
authentication
single sign-on
saml
privilege escalation
cve-2024-8698
redirect uri
validation
open redirect

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Red Hat build of Keycloak 24.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)
  • Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)

Related

nessus 3
redhat 8
vulnrichment 2
osv 2
github 2
cve 2
wolfi 1
cvelist 2
nvd 2
redhatcve 2
nessus
nessus
RHEL 9 : Red Hat Single Sign-On 7.6.11 security update on RHEL 9 (Important) (RHSA-2024:6880)
2024-09-19 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.11 security update on RHEL 8 (Important) (RHSA-2024:6879)
2024-09-19 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.11 security update on RHEL 7 (Important) (RHSA-2024:6878)
2024-09-19 00:00:00
redhat
redhat
(RHSA-2024:6879) Important: Red Hat Single Sign-On 7.6.11 security update on RHEL 8
2024-09-19 16:39:24
(RHSA-2024:6889) Important: Red Hat build of Keycloak 24.0.8 Images Update
2024-09-19 17:05:11
(RHSA-2024:6887) Important: Red Hat build of Keycloak 22.0.13 Images Update
2024-09-19 17:01:19
vulnrichment
vulnrichment
CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec
2024-09-19 15:48:28
CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
2024-09-19 15:48:18
osv
osv
Keycloak Open Redirect vulnerability
2024-09-19 18:30:52
Keycloak SAML signature validation flaw
2024-09-19 18:30:52
github
github
Keycloak Open Redirect vulnerability
2024-09-19 18:30:52
Keycloak SAML signature validation flaw
2024-09-19 18:30:52
cve
cve
CVE-2024-8883
2024-09-19 16:15:06
CVE-2024-8698
2024-09-19 16:15:06
wolfi
wolfi
CVE-2024-8883 vulnerabilities
2024-09-29 09:21:20
cvelist
cvelist
CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec
2024-09-19 15:48:28
CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
2024-09-19 15:48:18
nvd
nvd
CVE-2024-8883
2024-09-19 16:15:06
CVE-2024-8698
2024-09-19 16:15:06
redhatcve
redhatcve
CVE-2024-8883
2024-09-19 15:45:27
CVE-2024-8698
2024-09-19 15:45:17

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON
Related for RHSA-2024:6890
nessus3redhat8vulnrichment2osv2github2cve2wolfi1cvelist2nvd2redhatcve2